1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.upgrade.v4_4_0;
24  
25  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
26  import com.liferay.portal.model.Group;
27  import com.liferay.portal.model.Location;
28  import com.liferay.portal.model.Organization;
29  import com.liferay.portal.model.ResourceConstants;
30  import com.liferay.portal.model.Role;
31  import com.liferay.portal.model.UserGroup;
32  import com.liferay.portal.upgrade.UpgradeProcess;
33  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
34  import com.liferay.portlet.documentlibrary.model.DLFolder;
35  import com.liferay.portlet.imagegallery.model.IGFolder;
36  import com.liferay.portlet.messageboards.model.MBCategory;
37  import com.liferay.portlet.shopping.model.ShoppingCategory;
38  
39  import java.sql.Connection;
40  import java.sql.PreparedStatement;
41  import java.sql.ResultSet;
42  
43  /**
44   * <a href="UpgradePermission.java.html"><b><i>View Source</i></b></a>
45   *
46   * @author     Brian Wing Shun Chan
47   * @deprecated
48   */
49  public class UpgradePermission extends UpgradeProcess {
50  
51      protected void deletePermissionByActionIdAndResourceName(
52              String actionId, String resourceName)
53          throws Exception {
54  
55          Connection con = null;
56          PreparedStatement ps = null;
57          ResultSet rs = null;
58  
59          try {
60              con = DataAccess.getConnection();
61  
62              ps = con.prepareStatement(_GET_PERMISSION_SQL);
63  
64              ps.setString(1, actionId);
65              ps.setString(2, resourceName);
66  
67              rs = ps.executeQuery();
68  
69              while (rs.next()) {
70                  long permissionId = rs.getLong("permissionId");
71  
72                  deletePermissionByPermissionId(permissionId);
73              }
74          }
75          finally {
76              DataAccess.cleanUp(con, ps, rs);
77          }
78      }
79  
80      protected void deletePermissionByPermissionId(long permissionId)
81          throws Exception {
82  
83          runSQL(
84              "delete from Permission_ where permissionId = " + permissionId);
85          runSQL(
86              "delete from Groups_Permissions where permissionId = " +
87                  permissionId);
88          runSQL(
89              "delete from Roles_Permissions where permissionId = " +
90                  permissionId);
91          runSQL(
92              "delete from Users_Permissions where permissionId = " +
93                  permissionId);
94      }
95  
96      protected void deletePermissionByResourceId(long resourceId)
97          throws Exception {
98  
99          Connection con = null;
100         PreparedStatement ps = null;
101         ResultSet rs = null;
102 
103         try {
104             con = DataAccess.getConnection();
105 
106             ps = con.prepareStatement(
107                 "select permissionId from Permission_ where resourceId = ?");
108 
109             ps.setLong(1, resourceId);
110 
111             rs = ps.executeQuery();
112 
113             while (rs.next()) {
114                 long permissionId = rs.getLong("permissionId");
115 
116                 deletePermissionByPermissionId(permissionId);
117             }
118         }
119         finally {
120             DataAccess.cleanUp(con, ps, rs);
121         }
122     }
123 
124     protected void deleteResource(long codeId) throws Exception {
125         Connection con = null;
126         PreparedStatement ps = null;
127         ResultSet rs = null;
128 
129         try {
130             con = DataAccess.getConnection();
131 
132             ps = con.prepareStatement(
133                 "select resourceId from Resource_ where codeId = ?");
134 
135             ps.setLong(1, codeId);
136 
137             rs = ps.executeQuery();
138 
139             while (rs.next()) {
140                 long resourceId = rs.getLong("resourceId");
141 
142                 deletePermissionByResourceId(resourceId);
143 
144                 runSQL(
145                     "delete from Resource_ where resourceId = " + resourceId);
146             }
147         }
148         finally {
149             DataAccess.cleanUp(con, ps, rs);
150         }
151     }
152 
153     protected void deleteResourceCode(String resourceName)
154         throws Exception {
155 
156         Connection con = null;
157         PreparedStatement ps = null;
158         ResultSet rs = null;
159 
160         try {
161             con = DataAccess.getConnection();
162 
163             ps = con.prepareStatement(
164                 "select codeId from ResourceCode where name = ?");
165 
166             ps.setString(1, resourceName);
167 
168             rs = ps.executeQuery();
169 
170             while (rs.next()) {
171                 long codeId = rs.getLong("codeId");
172 
173                 deleteResource(codeId);
174 
175                 runSQL(
176                     "delete from ResourceCode where name = '" + resourceName +
177                         "'");
178             }
179         }
180         finally {
181             DataAccess.cleanUp(con, ps, rs);
182         }
183     }
184 
185     protected void deleteRolesPermissions(String roleName) throws Exception {
186         Connection con = null;
187         PreparedStatement ps = null;
188         ResultSet rs = null;
189 
190         try {
191             con = DataAccess.getConnection();
192 
193             ps = con.prepareStatement(_GET_ROLES_PERMISSIONS_SQL);
194 
195             ps.setString(1, roleName);
196 
197             rs = ps.executeQuery();
198 
199             while (rs.next()) {
200                 long roleId = rs.getLong("roleId");
201 
202                 runSQL(
203                     "delete from Roles_Permissions where roleId = " + roleId);
204             }
205         }
206         finally {
207             DataAccess.cleanUp(con, ps, rs);
208         }
209     }
210 
211     protected void deleteUsersPermissions(int scope) throws Exception {
212         Connection con = null;
213         PreparedStatement ps = null;
214         ResultSet rs = null;
215 
216         try {
217             con = DataAccess.getConnection();
218 
219             ps = con.prepareStatement(_GET_USERS_PERMISSIONS_SQL);
220 
221             ps.setLong(1, scope);
222 
223             rs = ps.executeQuery();
224 
225             while (rs.next()) {
226                 long permissionId = rs.getLong("permissionId");
227 
228                 runSQL(
229                     "delete from Users_Permissions where permissionId = " +
230                         permissionId);
231             }
232         }
233         finally {
234             DataAccess.cleanUp(con, ps, rs);
235         }
236     }
237 
238     protected void doUpgrade() throws Exception {
239         runSQL("delete from OrgGroupPermission");
240 
241         for (int i = 0; i < _DELETE_PERMISSIONS.length; i++) {
242             Object[] permission = _DELETE_PERMISSIONS[i];
243 
244             String actionId = (String)permission[0];
245             String resourceName = ((Class<?>)permission[1]).getName();
246 
247             deletePermissionByActionIdAndResourceName(actionId, resourceName);
248         }
249 
250         for (int i = 0; i < _UPDATE_PERMISSIONS.length; i++) {
251             Object[] permission = _UPDATE_PERMISSIONS[i];
252 
253             String oldActionId = (String)permission[0];
254             String newActionId = (String)permission[1];
255             String resourceName = ((Class<?>)permission[2]).getName();
256 
257             updatePermission(oldActionId, newActionId, resourceName);
258         }
259 
260         deleteResourceCode("com.liferay.portlet.blogs.model.BlogsCategory");
261 
262         deleteRolesPermissions("Community Administrator");
263         deleteRolesPermissions("Community Owner");
264         deleteRolesPermissions("Organization Administrator");
265 
266         deleteUsersPermissions(ResourceConstants.SCOPE_GROUP);
267     }
268 
269     protected void updatePermission(
270             String oldActionId, String newActionId, String resourceName)
271         throws Exception {
272 
273         Connection con = null;
274         PreparedStatement ps = null;
275         ResultSet rs = null;
276 
277         try {
278             con = DataAccess.getConnection();
279 
280             ps = con.prepareStatement(_GET_PERMISSION_SQL);
281 
282             ps.setString(1, oldActionId);
283             ps.setString(2, resourceName);
284 
285             rs = ps.executeQuery();
286 
287             while (rs.next()) {
288                 long permissionId = rs.getLong("permissionId");
289 
290                 runSQL(
291                     "update Permission_ set actionId = '" + newActionId +
292                         "' where permissionId = " + permissionId);
293             }
294         }
295         finally {
296             DataAccess.cleanUp(con, ps, rs);
297         }
298     }
299 
300     private static final String _GET_PERMISSION_SQL =
301         "select Permission_.permissionId from Permission_ inner join " +
302             "Resource_ on Resource_.resourceId = Permission_.resourceId " +
303                 "inner join ResourceCode on ResourceCode.codeId = " +
304                     "Resource_.codeId where Permission_.actionId = ? and " +
305                         "ResourceCode.name = ?";
306 
307     private static final String _GET_ROLES_PERMISSIONS_SQL =
308         "select Roles_Permissions.roleId from Roles_Permissions inner join " +
309             "Role_ on Role_.roleId = Roles_Permissions.roleId where " +
310                 "Role_.name = ?";
311 
312     private static final String _GET_USERS_PERMISSIONS_SQL =
313         "select Users_Permissions.permissionId from Users_Permissions inner " +
314             "join Permission_ on Permission_.permissionId = " +
315                 "Users_Permissions.permissionId inner join Resource_ on " +
316                     "Resource_.resourceId = Permission_.resourceId inner " +
317                         "join ResourceCode on ResourceCode.codeId = " +
318                             "Resource_.codeId where ResourceCode.scope = ?";
319 
320     private static Object[][] _DELETE_PERMISSIONS = new Object[][] {
321         new Object[] {
322             "ADMINISTRATE", Group.class
323         },
324         new Object[] {
325             "ADD_USER", Location.class
326         },
327         new Object[] {
328             "ADD_USER", Organization.class
329         },
330         new Object[] {
331             "DELETE_USER", Location.class
332         },
333         new Object[] {
334             "DELETE_USER", Organization.class
335         },
336         new Object[] {
337             "PERMISSIONS_USER", Location.class
338         },
339         new Object[] {
340             "PERMISSIONS_USER", Organization.class
341         },
342         new Object[] {
343             "UPDATE_USER", Location.class
344         },
345         new Object[] {
346             "UPDATE_USER", Organization.class
347         },
348         new Object[] {
349             "VIEW_USER", Location.class
350         },
351         new Object[] {
352             "VIEW_USER", Organization.class
353         }
354     };
355 
356     private static Object[][] _UPDATE_PERMISSIONS = new Object[][] {
357         new Object[] {
358             "ADD_CATEGORY", "ADD_SUBCATEGORY", MBCategory.class
359         },
360         new Object[] {
361             "ADD_CATEGORY", "ADD_SUBCATEGORY", ShoppingCategory.class
362         },
363         new Object[] {
364             "ADD_FOLDER", "ADD_SUBFOLDER", DLFolder.class
365         },
366         new Object[] {
367             "ADD_FOLDER", "ADD_SUBFOLDER", IGFolder.class
368         },
369         new Object[] {
370             "ADD_FOLDER", "ADD_SUBFOLDER", BookmarksFolder.class
371         },
372         new Object[] {
373             "ADD_LOCATION", "MANAGE_SUBORGANIZATIONS", Organization.class
374         },
375         new Object[] {
376             "ADD_PERMISSIONS", "DEFINE_PERMISSIONS", Role.class
377         },
378         new Object[] {
379             "ADD_USER", "MANAGE_USERS", Location.class
380         },
381         new Object[] {
382             "ADD_USER", "MANAGE_USERS", Organization.class
383         },
384         new Object[] {
385             "ASSIGN_USERS", "ASSIGN_MEMBERS", Group.class
386         },
387         new Object[] {
388             "ASSIGN_USERS", "ASSIGN_MEMBERS", Role.class
389         },
390         new Object[] {
391             "ASSIGN_USERS", "ASSIGN_MEMBERS", UserGroup.class
392         }
393     };
394 
395 }